ChangeLog-2.6.16.3

2006-04-12T00:00:00
ID SECURITYVULNS:DOC:12192
Type securityvulns
Reporter Securityvulns
Modified 2006-04-12T00:00:00

Description

commit e2c78fb27dd13ab8c778a9689affe95c92030a32 Author: Greg Kroah-Hartman <gregkh@suse.de> Date: Mon Apr 10 22:27:44 2006 -0700

Linux 2.6.16.3

commit 5494bd6a500cc7c5a502279eabfbdacccd4b89d1 Author: David Howells <dhowells@redhat.com> Date: Mon Apr 10 17:01:40 2006 +0000

[PATCH] Keys: Fix oops when adding key to non-keyring [CVE-2006-1522]

This fixes the problem of an oops occuring when a user attempts to add a
key to a non-keyring key [CVE-2006-1522].

The problem is that __keyring_search_one&#40;&#41; doesn&#39;t check that the
keyring it&#39;s been given is actually a keyring.

I&#39;ve fixed this problem by:

 &#40;1&#41; declaring that caller of __keyring_search_one&#40;&#41; must guarantee that
     the keyring is a keyring; and

 &#40;2&#41; making key_create_or_update&#40;&#41; check that the keyring is a keyring,
     and return -ENOTDIR if it isn&#39;t.

This can be tested by:

    keyctl add user b b &#96;keyctl add user a a @s&#96;

Signed-off-by: David Howells &lt;dhowells@redhat.com&gt;
Signed-off-by: Linus Torvalds &lt;torvalds@osdl.org&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@suse.de&gt;